By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,666 Members | 1,784 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,666 IT Pros & Developers. It's quick & easy.

Data decryption issue

P: n/a
I'm trying to get some encryption/decryption routines going to take care of
my data, and while the encryption is working great, I keep running into the
message "Padding is invalid and cannot be removed" on the decryption piece.
From everything I can see, I am doing things correctly here My code is as
follows:

private const string PassStr = "MyPrivateKey";
private static readonly byte[] PassSalt = new byte[] { Byte Byte
Byte Byte Byte};
private static readonly Enabled en;

static Encryption()
{
en = new Enabled();
en.enabled = true;
}

private static byte[] TransDown(char[] TransString)
{
byte[] ResultStr = new byte[TransString.Length];

for (int i = 0; i < TransString.Length; i++)
ResultStr[i] = Convert.ToByte(TransString[i]);

return ResultStr;
}

private static char[] TransUp(Byte[] TransString)
{
char[] ResultStr = new char[TransString.Length];

for (int i = 0; i < TransString.Length; i++)
ResultStr[i] = Convert.ToChar(TransString[i]);

return ResultStr;
}

private static char[] TransDown(String TransString)
{
char[] ResultStr = new char[TransString.Length];

for (int i = 0; i < TransString.Length; i++)
ResultStr[i] = Convert.ToChar(TransString[i]);

return ResultStr;
}

public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
char[] ResultStr = new char[32];
MemoryStream memoryStream;
CryptoStream cryptoStream;
RijndaelManaged rijndael = new RijndaelManaged();
ResultStr = TransDown(PassStr);
rijndael.Key = TransDown(ResultStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.PKCS7;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(TransDown(InputString), 0,
InputString.Length);
cryptoStream.FlushFinalBlock();
//ResultStr = TransUp(memoryStream.ToArray());
cryptoStream.Close();
return TransUp(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
char[] ResultStr = new char[32];
byte[] ResultByte = new byte[InputString.Length];
MemoryStream memoryStream = new
MemoryStream(TransDown(InputString));
memoryStream.Position = 0;
CryptoStream cryptoStream;
RijndaelManaged rijndael = new RijndaelManaged();
ResultStr = TransDown(PassStr);
rijndael.Key = TransDown(ResultStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.PKCS7;
rijndael.Mode = CipherMode.CBC;
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Read);
cryptoStream.Read(ResultByte, 0, InputString.Length);
cryptoStream.Close();
return TransUp(ResultByte);
}
else
return TransDown(" ") ;
}
else
return TransDown("Not Authorized");
}

The message I am getting is:

Msg 6522, Level 16, State 2, Line 1
A .NET Framework error occurred during execution of user defined routine or
aggregate 'Decrypt':
System.Security.Cryptography.CryptographicExceptio n: Padding is invalid and
cannot be removed.
System.Security.Cryptography.CryptographicExceptio n:
at System.Security.Cryptography.RijndaelManagedTransf orm.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
at
System.Security.Cryptography.RijndaelManagedTransf orm.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.Read(Byt e[] buffer, Int32
offset, Int32 count)
at SQLEncryption.Encryption.Decrypt(Char[] InputString)

Can anyone tell me where I am going wrong? I don't know the cryptography
components well enough to have a clue about what I am doing wrong. Thanks.
Aug 1 '08 #1
Share this Question
Share on Google+
13 Replies


P: n/a
On Fri, 01 Aug 2008 15:33:10 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
I'm trying to get some encryption/decryption routines going to take care
of
my data, and while the encryption is working great, I keep running into
the
message "Padding is invalid and cannot be removed" on the decryption
piece.
From everything I can see, I am doing things correctly here My code is
as
follows:
All due respect, I don't see how if you can't successfully decrypt the
data, you can assert that "the encryption is working great". Isn't it
possible that your decryption is correct, but because the encryption is
wrong, the decryption step still fails? :)

Anyway, I'm not an expert in this encryption/decryption you're doing. But
I do note that you seem to be using bytes and characters interchangeably,
which is generally a bad idea. For all I know, the conversions you're
doing are valid in this context, but I can tell you that in many contexts
they wouldn't be. It's possible they are invalid here as well (in at
least one part of the code you posted, it seems probable to me).

Instead of your "TransUp" and "TransDown" methods, you might want to
consider using the character-to-byte conversions provided by the Encoding
class. That will allow you a reliable, round-trip conversion between the
Unicode characters that define a .NET string and actual bytes.

Pete
Aug 1 '08 #2

P: n/a
Unfortunately I tried the built-in conversion routines and couldn't get them
to work. Maybe I've just been in Delphi too long to be able to figure this
stuff out again. As far as the Encrypt routine goes, I know it works
because I can successfully decrypt a single record at a time. The problem
comes into play when I'm trying to decrypt more than one record (passed in
from MSSQL). First one or two work great, then i get this blowing up. Is
there something I need to do to remove extra padding? I haven't seen
anything like that so far.

Tom

"Peter Duniho" <Np*********@nnowslpianmk.comwrote in message
news:op***************@petes-computer.local...
On Fri, 01 Aug 2008 15:33:10 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
>I'm trying to get some encryption/decryption routines going to take care
of
my data, and while the encryption is working great, I keep running into
the
message "Padding is invalid and cannot be removed" on the decryption
piece.
From everything I can see, I am doing things correctly here My code is
as
follows:

All due respect, I don't see how if you can't successfully decrypt the
data, you can assert that "the encryption is working great". Isn't it
possible that your decryption is correct, but because the encryption is
wrong, the decryption step still fails? :)

Anyway, I'm not an expert in this encryption/decryption you're doing. But
I do note that you seem to be using bytes and characters interchangeably,
which is generally a bad idea. For all I know, the conversions you're
doing are valid in this context, but I can tell you that in many contexts
they wouldn't be. It's possible they are invalid here as well (in at
least one part of the code you posted, it seems probable to me).

Instead of your "TransUp" and "TransDown" methods, you might want to
consider using the character-to-byte conversions provided by the Encoding
class. That will allow you a reliable, round-trip conversion between the
Unicode characters that define a .NET string and actual bytes.

Pete

Aug 1 '08 #3

P: n/a
On Fri, 01 Aug 2008 16:04:45 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
Unfortunately I tried the built-in conversion routines and couldn't get
them
to work.
I respectfully suggest that you try again. They aren't actually that hard
to use (they are basically the same as the special-purpose methods you've
written, except that they do the conversion correctly). If you have
specific questions about their use, please feel free to post those
questions here. Surely among all of us there'd be someone who can help.
Maybe I've just been in Delphi too long to be able to figure this
stuff out again. As far as the Encrypt routine goes, I know it works
because I can successfully decrypt a single record at a time. The
problem
comes into play when I'm trying to decrypt more than one record (passed
in
from MSSQL).
That doesn't tell you that the encryption works. It only tells you that
the encryption and decryption both work when you have only one record.
Since they both work with just one record, and since _something_ fails
when you have more than one record, you still don't know whether it's the
encryption, decryption, or both that are flawed in the "more than one
record" scenario.

As for what's actually wrong, I will point out that since the code you
posted isn't a concise-but-complete sample of code, and in particular does
not demonstrate how exactly you use it in the "more than one record"
scenario, it may not be possible at all to explain what you're doing wrong.

It would be much better if you would post an actual concise-but-complete
code sample that reliably demonstrates the problem you're having.

Pete
Aug 2 '08 #4

P: n/a
Peter,

I do appreciate the advice. I did try the Convert routines again, and am
still running into trouble. Specifically, I have tried the
Convert.FromBase64CharArray and Convert.ToBase64CharArray functions, and am
running into roadblocks since my strings do not fit into the limits of
allowed characters (a..z, A..Z, 1..0, and +/). I have spaces and sometimes
other characters (@, and ' are the most common ones). For that reason, I
was using my own that would convert all. At this point, I don't know how I
could get everything to convert down without the functions I wrote, crude as
they are. Thanks

Tom
"Peter Duniho" <Np*********@nnowslpianmk.comwrote in message
news:op***************@petes-computer.local...
On Fri, 01 Aug 2008 16:04:45 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
>Unfortunately I tried the built-in conversion routines and couldn't get
them
to work.

I respectfully suggest that you try again. They aren't actually that hard
to use (they are basically the same as the special-purpose methods you've
written, except that they do the conversion correctly). If you have
specific questions about their use, please feel free to post those
questions here. Surely among all of us there'd be someone who can help.
>Maybe I've just been in Delphi too long to be able to figure this
stuff out again. As far as the Encrypt routine goes, I know it works
because I can successfully decrypt a single record at a time. The
problem
comes into play when I'm trying to decrypt more than one record (passed
in
from MSSQL).

That doesn't tell you that the encryption works. It only tells you that
the encryption and decryption both work when you have only one record.
Since they both work with just one record, and since _something_ fails
when you have more than one record, you still don't know whether it's the
encryption, decryption, or both that are flawed in the "more than one
record" scenario.

As for what's actually wrong, I will point out that since the code you
posted isn't a concise-but-complete sample of code, and in particular does
not demonstrate how exactly you use it in the "more than one record"
scenario, it may not be possible at all to explain what you're doing
wrong.

It would be much better if you would post an actual concise-but-complete
code sample that reliably demonstrates the problem you're having.

Pete

Aug 4 '08 #5

P: n/a
On Mon, 04 Aug 2008 09:15:45 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
Peter,

I do appreciate the advice. I did try the Convert routines again, and am
still running into trouble. Specifically, I have tried the
Convert.FromBase64CharArray and Convert.ToBase64CharArray functions
I recommended the Encoding class, not the Convert class.
Aug 4 '08 #6

P: n/a
Ok, I have the UTF8Encoding class in place, and it seems to be working fine.
Now I am trying to run the decrypt, and am getting an error that I can't
figure out. The Decrypt function is similar to the posted one, but with the
encoding changes. To use it, I'm running a SQL statement against the
function as "SELECT dbo.Decrypt(Name1) FROM Customers." Now I'm getting an
error as follows from MS SQL Server:

Msg 6522, Level 16, State 2, Line 1
A .NET Framework error occurred during execution of user defined routine or
aggregate 'Decrypt':
System.Security.Cryptography.CryptographicExceptio n: Padding is invalid and
cannot be removed.
System.Security.Cryptography.CryptographicExceptio n:
at
System.Security.Cryptography.RijndaelManagedTransf orm.DecryptData(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer,
Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
at
System.Security.Cryptography.RijndaelManagedTransf orm.TransformFinalBlock(Byte[]
inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFin alBlock()
at System.Security.Cryptography.CryptoStream.Dispose( Boolean disposing)
at System.IO.Stream.Close()
at SQLEncryption.Encryption.Decrypt(Char[] InputString)
..

So, I have extra padding in place, but I don't know if the padding mode
matters. I've tried using PKCS7, ISO10126, and no padding modes. On the
PKCS7 and ISO10126, I can encrypt just fine, but the decrypt function
returns the above error, but the encrypt does not work when padding is
specified to be none.

"Peter Duniho" <Np*********@nnowslpianmk.comwrote in message
news:op***************@petes-computer.local...
On Mon, 04 Aug 2008 09:15:45 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
>Peter,

I do appreciate the advice. I did try the Convert routines again, and am
still running into trouble. Specifically, I have tried the
Convert.FromBase64CharArray and Convert.ToBase64CharArray functions

I recommended the Encoding class, not the Convert class.

Aug 4 '08 #7

P: n/a
On Mon, 04 Aug 2008 12:37:41 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
Ok, I have the UTF8Encoding class in place, and it seems to be working
fine.
Except for the part that doesn't, of course. :)
Now I am trying to run the decrypt, and am getting an error that I can't
figure out. [...]
And you still haven't posted a concise-but-complete code sample.

My best guess, knowing very little about the encryption/decryption stuff
per se, but have some familiarity with this sort of "stream
transformation" stuff more generally, is that you are somehow trying to
pack multiple transformations (encryption/decryption) into a single stream
but without properly delineating each section. If true, that would result
in the transformation of one section incorrectly trying to use data from
another section.

Especially since you say it works fine when you encrypt/decrypt just one
section, this seems like a reasonably likely explanation.

Until you offer more information, I really don't see how anyone could
offer more specific advice.

Pete
Aug 4 '08 #8

P: n/a
Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
InputString.Length);
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = E.GetBytes(InputString);
cryptoStream.Write(iString, 0, iString.Length);
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

This .DLL gets loaded into a MSSQL database and the functions get loaded as
Scalar-Valued functions. They are then called in SQL with statements such
as "SELECT dbo.DECRYPT(SSN) FROM CUSTOMER" to take the encrypted form of the
SSN and decrypt it for display to authorized users. The problem is, when I
encrypt with no padding, I get an error, but when I decrypt with some form
of padding (the same as used to encrypt), I get an error that the padding is
invalid.

"Peter Duniho" <Np*********@nnowslpianmk.comwrote in message
news:op***************@petes-computer.local...
On Mon, 04 Aug 2008 12:37:41 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
>Ok, I have the UTF8Encoding class in place, and it seems to be working
fine.

Except for the part that doesn't, of course. :)
>Now I am trying to run the decrypt, and am getting an error that I can't
figure out. [...]

And you still haven't posted a concise-but-complete code sample.

My best guess, knowing very little about the encryption/decryption stuff
per se, but have some familiarity with this sort of "stream
transformation" stuff more generally, is that you are somehow trying to
pack multiple transformations (encryption/decryption) into a single stream
but without properly delineating each section. If true, that would result
in the transformation of one section incorrectly trying to use data from
another section.

Especially since you say it works fine when you encrypt/decrypt just one
section, this seems like a reasonably likely explanation.

Until you offer more information, I really don't see how anyone could
offer more specific advice.

Pete

Aug 4 '08 #9

P: n/a
On Mon, 04 Aug 2008 14:03:03 -0700, Tom Andrecht
<to**********@nospam.dmacorporation.comwrote:
Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
Jon Skeet has a couple of articles you may find helpful:
http://www.yoda.arachsys.com/csharp/complete.html
http://www.yoda.arachsys.com/csharp/incomplete.html

Another helpful reference (Java-specific, but still relevant):
http://homepage1.nifty.com/algafield/sscce.html
Aug 4 '08 #10

P: n/a
Tom Andrecht wrote:
Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
InputString.Length);
This is not good. The number of bytes in UTF-8 encoding and
the number of chars does not need to be the same.

cryptoStream.Write(E.GetBytes(InputString), 0,
E.GetByteCount(InputString));
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
This is not good.

You should not try and save random bytes (which encrypted data is)
in chars or strings.

Return a byte array of convert to Base64 or Hex.
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = E.GetBytes(InputString);
cryptoStream.Write(iString, 0, iString.Length);
Same problem.
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}
Arne
Aug 5 '08 #11

P: n/a
Arne Vajhøj wrote:
Tom Andrecht wrote:
>Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
InputString.Length);

This is not good. The number of bytes in UTF-8 encoding and
the number of chars does not need to be the same.

cryptoStream.Write(E.GetBytes(InputString), 0,
E.GetByteCount(InputString));
> cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());

This is not good.

You should not try and save random bytes (which encrypted data is)
in chars or strings.

Return a byte array of convert to Base64 or Hex.
> }
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = E.GetBytes(InputString);
cryptoStream.Write(iString, 0, iString.Length);

Same problem.
> cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}
Try:

public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
E.GetByteCount(InputString));
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return
Convert.ToBase64String(memoryStream.ToArray()).ToC harArray();
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = Convert.FromBase64CharArray(InputString,
0, InputString.Length);
cryptoStream.Write(iString, 0, iString.Length);
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

Arne

PS: And I would prefer string over char[] anyway.
Aug 5 '08 #12

P: n/a
Arne,

That worked perfectly and solved my problem completely. Thanks for your
advice.

Tom

"Arne Vajhøj" <ar**@vajhoej.dkwrote in message
news:48***********************@news.sunsite.dk...
Arne Vajhøj wrote:
>Tom Andrecht wrote:
>>Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
InputString.Length);

This is not good. The number of bytes in UTF-8 encoding and
the number of chars does not need to be the same.

cryptoStream.Write(E.GetBytes(InputString), 0,
E.GetByteCount(InputString));
>> cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());

This is not good.

You should not try and save random bytes (which encrypted data is)
in chars or strings.

Return a byte array of convert to Base64 or Hex.
>> }
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = E.GetBytes(InputString);
cryptoStream.Write(iString, 0, iString.Length);

Same problem.
>> cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

Try:

public static char[] Encrypt(char[] InputString)
{
if (en.enabled)
{
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(E.GetBytes(InputString), 0,
E.GetByteCount(InputString));
cryptoStream.FlushFinalBlock();
cryptoStream.Close();
return
Convert.ToBase64String(memoryStream.ToArray()).ToC harArray();
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

public static char[] Decrypt(char[] InputString)
{
if (en.enabled)
{
if (InputString.ToString() == "NULL")
{
return TransDown("");
}
if ((InputString != null) && (InputString.Length 0))
{
MemoryStream memoryStream;
CryptoStream cryptoStream;
UTF8Encoding E = new UTF8Encoding();
byte[] iString;
RijndaelManaged rijndael = new RijndaelManaged();
rijndael.Key = E.GetBytes(PassStr);
rijndael.IV = PassSalt;
rijndael.Padding = PaddingMode.ISO10126;
rijndael.Mode = CipherMode.CBC;
memoryStream = new MemoryStream();
cryptoStream = new CryptoStream(memoryStream,
rijndael.CreateDecryptor(), CryptoStreamMode.Write);
iString = Convert.FromBase64CharArray(InputString, 0,
InputString.Length);
cryptoStream.Write(iString, 0, iString.Length);
cryptoStream.Close();
return E.GetChars(memoryStream.ToArray());
}
else
return TransDown("NULL");
}
else
return TransDown("Not Authorized");
}

Arne

PS: And I would prefer string over char[] anyway.

Aug 5 '08 #13

P: n/a
Ok, the overall problem is this. I have two functions in a C# .DLL as
follows:
....snip code...
This .DLL gets loaded into a MSSQL database and the functions get
loaded as Scalar-Valued functions. They are then called in SQL with
statements such as "SELECT dbo.DECRYPT(SSN) FROM CUSTOMER" to take the
encrypted form of the SSN and decrypt it for display to authorized
users. The problem is, when I encrypt with no padding, I get an
error, but when I decrypt with some form of padding (the same as used
to encrypt), I get an error that the padding is invalid.
Since you are loading this assembly into an MSSQL database I assume the database
is either SQL 2005 or 2008 both of which already have native support for
AES encryption (along with triple DES, RSA and numerous hashing algorithms.
My question is: why not use the existing functions rather than rolling your
own especially since the SQL encryption/decryption functionality takes care
of generating and storing a nonce value for the encryption IV every time
you write to the cell and you can delegate key management to SQL Server.

For more details you can see the slide deck and code from a recent presentation
I gave on encryption in SQL Server here: http://www.bennettadelson.com/downlo...G/June2008.zip
.. The last slide in the deck also contains a number of resources that provide
more details on the encryption available.

Aug 8 '08 #14

This discussion thread is closed

Replies have been disabled for this discussion.